SubscribeGFI Software, a leading developer of network security, content security and messaging software, today announced it is tracking a new method through which spammers send messages with MP3 attachments that contain the latest pump-and-dump stock scams.
MP3 Email Spam
The spam is a short, 30-second MP3 file recorded at low bit-rate with a synthetic female voice promoting a particular stock; the voice heavily distorted to avoid signature-based anti-spam approaches (click here to listen to an edited sample of MP3 spam).
Spammers are taking advantage of the fact that the MP3 format is one of the most common in use today and that most anti-spam solutions do not handle attachments very well because they do not actually analyze the attachment content.
"MP3 spam is a natural progression from PDF and Excel spam whereby spammers are exploiting a new file format to be able to send spam. This is their latest attempt to evade anti-spam filters. There is also a social engineering aspect to this tactic because people frequently share MP3 files," David Vella, Director of Product Management, said.
Addressing MP3 Spam
To address the MP3 spam threat administrators need to deploy as many anti-spam techniques as possible, including Bayesian filtering, while at the same time maintaining a very low level of false positives. Additionally, administrators can block attachments or place restrictions on allowable sizes to weed out unwanted material.
The Benefit of Spam Detection
GFI MailEssentials includes a second generation Bayesian filtering engine. This goes beyond the simple analysis of text but also examines the form and attributes of attachments. The benefit of spam detection via Bayesian filtering is that the technology automatically tunes itself to each customer-specific email profile, rather than relying on one ‘rule set’ for all customers like other rules-based anti-spam products do. With this second generation Bayesian filtering technology, GFI is at the forefront of anti-spam technology thus allowing the company to effectively deal with the constantly evolving spam techniques.
Users of GFI MailSecurity can also use the content filtering feature to filter out spam that is downloaded to the email client based on attachment file type or size.
For information on GFI’s anti-spam and anti-phishing solution, GFI MailEssentials, visit http://www.gfi.com/mes/. For information on GFI’s anti-virus, anti-spyware and anti-malware solution, GFI MailSecurity, visit http://www.gfi.com/mailsecurity/.